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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claim 7, 21-22 rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Patent 6,304,262 B1 to Maloney et al. (hereinafter Maloney). 

3. Regarding Claim 7, 21 , Maloney discloses the building of graph and the 
classifying of the attack see Col 10 Ln 37-45 & Col 6 Ln 64-Col 7 Ln 6. 

4. Regarding Claim 22, Maloney discloses the vector-based correlation process 
that correlates suspicious parameters and determines existence of correlations of 
those parameters that can point to types of attacks and reduce dropping 
legitimate traffic see Col 6 Ln 63-Col 7 Ln 1 1 . 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been 
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obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

6. Claim 1-6, 18-20, 22, 28-37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent 6,301,668 B1 to Gleichauf et al. (hereinafter 
Gleichauf) in view of U.S. Patent 6,304,262 B1 to Maloney et al. (hereinafter 
Maloney). 

7. Regarding Claim 1 , Gleichauf discloses a detection process to determine to if 
the parameter has exceeded normal values see Col 8 Ln 46- Col 9 Ln 3; the 
filtering process based on the characteristic and being incorporated in a firewall, 
router, and ID system see Col 1 Ln 22-31 & Col 4 Ln 33-39. Gleichauf does not 
disclose a process of building an graph to and to classify the attack. However, 
Maloney discloses the building of graph and the classifying of the attack see Col 
10 Ln 37-45. It would be obvious to one having ordinary skill in the art at the time 
of the invention to include the building of graph and the classifying of the attack in 
the invention of Gleichauf in order to allow the systems administrator to take 
appropriate measures as taught in Maloney see Col 7 Ln 40-Col 8 Ln 12. And 
further, Gleichauf discloses the possibly of visual representation see Fig. 3 item 
64, thus the inclusion of a building a graph would be reasonable successful. 

8. Regarding Claim 2, 3, and 4, 22, Gleichauf does not disclose a vector-based 
correlation process that correlates suspicious parameters and determines 
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existence of correlations of those parameters that can point to types of attacks 
and reduce dropping legitimate traffic . However, Maloney discloses the vector- 
based correlation process that correlates suspicious parameters and determines 
existence of correlations of those parameters that can point to types of attacks 
and reduce dropping legitimate traffic see Col 6 Ln 63-Col 7 Ln 1 1 . It would be 
obvious to one having ordinary skill in the art at the time of the invention to 
include a correlation process that correlates suspicious parameters and 
determines existence of correlations of those parameters that can point to types 
of attacks in the invention of Gleichauf in order to a precise relationship and to 
differentiate between legitimate traffic as taught in Maloney see Col 7 Ln 7-1 1 . 

9. Regarding Claim 5, Gleichauf discloses the aggregate filtering see Col 1 Ln 23- 
31. 

10. Regarding Claim 6 and 18, Gleichauf discloses the parameters including a 
source IP protocol, IP length, TCP/UDP ports see Col 6 Ln 24-35. 

1 1 .Regarding Claim 19, Gleichauf discloses the data collector see Fig. 2 item 36. 

1 2. Regarding Claim 20, Gleichauf discloses the process being executed on a 
gateway see Fig. 2 item 20. 
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13. Regarding Claim 28-31 and 32, Gleichauf discloses a detection process to 
determine to if the parameter has exceeded normal values see Col 8 Ln 46- Col 
9 Ln 3; the filtering process based on the characteristic and being incorporated in 
a firewall, router, and ID system see Col 1 Ln 22-31 & Col 4 Ln 33-39. Gleichauf 
does not disclose a process of building an graph to and to classify the attack. 
However, Maloney discloses the building of graph and the classifying of the 
attack see Col 10 Ln 37-45. It would be obvious to one having ordinary skill in the 
art at the time of the invention to include the building of graph and the classifying 
of the attack in the invention of Gleichauf in order to allow the systems 
administrator to take appropriate measures as taught in Maloney see Col 7 Ln 
40-Col 8 Ln 12. And further, Gleichauf discloses the possibly of visual 
representation see Fig. 3 item 64, thus the inclusion of a building a graph would 
be reasonable successful. 

14. Regarding Claim 33, 34, 35, and 36, Gleichauf discloses the communicating 
statistics to a control center, the gateway being deployed in the network and 
filtering occurs on nearby routers see Fig.1 item 5, Fig. 2 item 20, Fig. 2 item 16 
and 32. 

15. Regarding Claim 37-38, Gleichauf discloses a detection process to determine to 
if the parameter has exceeded normal values see Col 8 Ln 46- Col 9 Ln 3; the 
filtering process based on the characteristic and being incorporated in a firewall, 
router, and ID system see Col 1 Ln 22-31 & Col 4 Ln 33-39. Gleichauf does not 
disclose a process of building an graph to and to classify the attack. However, 
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Maloney discloses the building of graph and the classifying of the attack see Col 
10 Ln 37-45. It would be obvious to one having ordinary skill in the art at the time 
of the invention to include the building of graph and the classifying of the attack in 
the invention of Gleichauf in order to allow the systems administrator to take 
appropriate measures as taught in Maloney see Col 7 Ln 40-Col 8 Ln 12. And 
further, Gleichauf discloses the possibly of visual representation see Fig. 3 item 
64, thus the inclusion of a building a graph would be reasonable successful. 
Gleichauf does not disclose a vector-based correlation process that correlates 
suspicious parameters and determines existence of correlations of those 
parameters that can point to types of attacks and reduce dropping legitimate 
traffic . However, Maloney discloses the vector-based correlation process that 
correlates suspicious parameters and determines existence of correlations of 
those parameters that can point to types of attacks and reduce dropping 
legitimate traffic see Col 6 Ln 63-Col 7 Ln 1 1 . It would be obvious to one having 
ordinary skill in the art at the time of the invention to include a correlation process 
that correlates suspicious parameters and determines existence of correlations of 
those parameters that can point to types of attacks in the invention of Gleichauf 
in order to a precise relationship and to differentiate between legitimate traffic as 
taught in Maloney see Col 7 Ln 7-1 1 . 
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16. Claim 25 rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent 6,304,262 B1 to Maloney et al. (hereinafter Maloney) in view of U.S. 
Patent 6,301,668 B1 to Gleichauf et al. (hereinafter Gleichauf). 

17. Regarding Claim 25, Maloney does not discloses the installing filters on routers, 
having data collectors, and parameters. However, Gleichauf discloses the 
installing of filters on routers see Col 4 Ln 33-39. Gleichauf discloses the data 
collector see Fig. 2 item 36. And further, Gleichauf discloses the parameters 
including a source IP protocol, IP length, TCP/UDP ports see Col 6 Ln 24-35. It 
would be obvious to one having ordinary skill in the art at the time of the 
invention to include installing filters on routers in the invention of Maloney in 
order to increase security as taught in Gleichauf see Col 4 Ln 33-39. 



18. Claim 8-17, 23-24, 39-40, would be allowable if rewritten t o overcom e the 



a«d to include all of the limitations of the base claim and any intervening claims. 



Allowable Subject Matter 




\2>W>\ rQ j Q ction(s) under 35 U.C.C. 112, 2nd pjuy i dp li , sel forth i n I I l i s Offi 



ce act i o n 
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Conclusion 



19. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Venkatanarayanan Perungavoor whose 
telephone number is 571-272-7213. The examiner can normally be reached on 
8-4:30. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron can be reached on 571-272-3799. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

20. Information regarding the status of an application may be 'obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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Art Unit 2132 



7/8/2005 




GILBERTO BARRON J/ 1 * 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



